It's a security hole to allow anyone with write access to gain
administrative privileges just through "mkdir". In OpenAFS
you still have implicit "a" access given to the owner of a volume
(which is the owner of the root directory node of a volume).
I do not believe there is a compilation flag to revert to the old,
insecure Transarc semantics.
-derek
Quoting Bill Stivers <[EMAIL PROTECTED]>:
When we moved from Transarc AFS to OpenAFS default permissions
semantics and behavior seem to have changed. When this took place,
one of our other SAs here researched and found some references in
Google to a permissions semantics change, but wasn't able to find any
details. The problem in brief:
On our Transarc servers, the creator/owner of a directory seems to
have an implicit "a" permission to that directory, but on our OpenAFS
servers, that doesn't seem to be the case. Some of our local
scripts and procedures depend on that implicit "a" permission for
security purposes.
Did we miss a compile-time or configuration switch in either client,
or server, or is this a more fundamental semantics change in the
OpenAFS fileserver itself?
---
Bill Stivers
IC Unix Lab and Systems Administrator
University of California at Santa Cruz
[EMAIL PROTECTED]
v) 831-459-2472
f) 831-459-2914
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available